48f891db36
feat: Fix review issues and integrate ASTRAL, PULSAR, AURORA product suite
...
Framework fixes:
- antifragile-manifest.md: Correct AI Sovereignty pillar (data residency/audit rights framing); add consultant note
- executive-summary.md: Same AI sovereignty correction; add EU Regulatory Context (NIS2, DORA, GDPR)
- README.md: Add Brownhat brand explanation; expand Standards Alignment with NIS2/DORA/GDPR
- core/about-cqre.md: Prominent TEMPLATE WARNING banner to prevent accidental sharing
- index.md: Add CQRE Product Suite; renumber consultant nav 1-26 consistently
New: playbooks/cqre-product-suite.md - ASTRAL/PULSAR/AURORA product reference with antifragile pillar alignment, regulatory mapping, deployment prerequisites, and objection handling
Updated: sovereign-tool-stack.md - ASTRAL updated to GitHub product spec; AOC replaced with PULSAR; AURORA section added
Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz >
2026-06-05 04:59:20 +00:00
tomas.kracmar
64f73371c9
feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization
...
New documents:
- core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7)
- core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing
- core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use
- core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE)
- core/executive-summary-cs.md: Czech translation of the board executive summary
- assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0)
- assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops)
- assessment-templates/module-completion-report.md: Module completion package template
- assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement)
- playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance
- playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels
Updated documents:
- playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings
- core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit
- reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md
- assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column
- index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25)
- README.md: Updated directory tree; updated Quick Start for Consultants
Czech localization pointers:
- executive-summary.md: Added Česká verze pointer
- nist-csf-baseline.md: Added Česká verze pointer
- engagement-model.md: Added note that client-facing Czech translation is planned
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-27 21:33:52 +02:00
tomas.kracmar
7bab42398a
Add Spontaneous Order Principles core document
...
Distills philosophical insights from emergent systems thinking into
five enterprise-applicable principles, mapped to the antifragile
manifest pillars. Excludes all anarcho-taoist references.
- New: core/spontaneous-order-principles.md
- Updated: core/antifragile-manifest.md (cross-references)
- Updated: index.md (navigation and document tables)
2026-05-25 10:07:00 +02:00
tomas.kracmar
2b969af2a8
feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks
...
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.
Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
antifragile pillars. Identifies 6 gaps with recommended closes:
Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
Zeek+Suricata (network analysis). Includes per-module tool pairing,
deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
2026-05-09 17:05:18 +02:00
tomas.kracmar
763da003d3
Initial commit: antifragile cybersecurity consulting blueprint
...
Complete repository of frameworks, playbooks, and assessment resources
for cybersecurity consultations focused on antifragile enterprise design.
Includes:
- Core philosophy and manifest (5 pillars)
- 12 modular engagement packages
- AI sovereignty and operations frameworks
- Zero-budget vulnerability discovery and hardening playbooks
- M365 E3 hardening and antifragile project plans
- Osquery sovereign discovery platform blueprint
- Perimeter scanning capability guide
- AI-assisted TVM blueprint for AI-powered adversaries
- Vertical specializations: banking, telco, power/utilities
- CIS Controls v8 and NIST CSF 2.0 mappings
- Risk registers and assessment templates
- C-suite conversation guide and business case templates
2026-05-09 16:53:22 +02:00
Claude Sonnet 4.6
tomas.kracmar